Trojan js:Medfos.B with Chrome Update crx extension

4 posts in this topic

Post Merged

We look for post with 0 replies, so when you reply to your own topic, we assume you're being helped.

Please be patient, someone will assist you as soon as possible.


My machine is currently running on Windows 7. I tried scanning my PC with Kaspersky Internet Scurity 2012 and also with microsoft security essentials. When doing so Kaspersky is not able to recognise chrome update crx as a malware but when doing with MSE it is giving an issue saying the below:


Category : Trojan

Description: This program is dangerous and executed the commands by attacker

Recommended Action: Remove this soft ware immediately.


Container File: C:/Users/[username]/AppData/Local/chromeupdate.crx

file: C:/Users/[username]/AppData/Local/chromeupdate.crx --> manager.js

Even after removing that trojan it pops after every 7 minutes in MSE browser. Not sure what has to be done with this?

Finally I un installed the chrome from PC though that even didn't solved my problem. I think there is some script which gets executed at start up of my machine that causes this. Manually removing this chrome update.crx file also doesn't help . Also I have deleted the chrome registry keys manually. No luck with all these things!!!!

I have stopped all the anti virsus which have been running....After doing so I have uploaded the chromeupdae.crx file for scanning on virustotal site....

And two anti-malware programs have determined this file as malicious...One is MSE and other is AntiVir...

Scanning with MalwareBytes Anti-Malware hasn't detected it as a Virus.......

Any suggestions on this are welcome??


I have ran the dds.scr and uploaded the files dds and Attach as mentioned in my previous topic.


Share this post

Link to post
Share on other sites

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

    [*]Please do not attach logs or use code boxes, just copy and paste the text.

    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

    [*]Please read every post completely before doing anything.

    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

    [*]Please provide feedback about your experience as we go.

    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


  • Please download
AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.


  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+


Share this post

Link to post
Share on other sites


48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Share this post

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.